{"title":"Session Token Prediction via Weak Random Number Generation","language":"Python","severity":"Critical","cwe":"CWE-338","source_lines":[10],"flow_lines":[10,11],"sink_lines":[11],"vulnerable_code":"import random\nimport time\nfrom flask import Flask, session\n\napp = Flask(__name__)\n\n@app.route('/iot/device/provision')\ndef provision_iot_device():\n    device_id = request.args.get('device_id')\n    random.seed(int(time.time()))\n    device_token = ''.join([str(random.randint(0, 9)) for _ in range(24)])\n    session['iot_auth_token'] = device_token\n    return {'device_id': device_id, 'auth_token': device_token, 'expires': 3600}","explanation":"The code uses Python's random module seeded with time.time() to generate authentication tokens for IoT devices. Since time.time() is predictable and random is not cryptographically secure, attackers can predict token values by knowing approximate provisioning time and brute-forcing the small time window, allowing unauthorized device impersonation.","remediation":"The fix replaces the insecure random module (seeded with predictable time.time()) with Python's secrets module, which uses a cryptographically secure random number generator (CSPRNG). The token is now generated using secrets.token_urlsafe(32), producing a 256-bit token with high entropy that is resistant to prediction attacks. Additionally, the Flask secret_key is set using secrets.token_hex(32) to ensure session integrity.","secure_code":"import secrets\nimport string\nfrom flask import Flask, session, request\n\napp = Flask(__name__)\napp.secret_key = secrets.token_hex(32)\n\n@app.route('/iot/device/provision')\ndef provision_iot_device():\n    device_id = request.args.get('device_id')\n    device_token = secrets.token_urlsafe(32)\n    session['iot_auth_token'] = device_token\n    return {'device_id': device_id, 'auth_token': device_token, 'expires': 3600}"}